/*==================================================================================================
Copyright (c) 2020 Siemens Product Lifecycle Management Software Inc.
====================================================================================================
Filename: Sanitizer.hxx
File description:
==================================================================================================*/
#ifndef TEAMCENTER_SANITIZER_HXX
#define TEAMCENTER_SANITIZER_HXX
#include <string>
#include <vector>
#include <sanitizer/libsanitizer_exports.h>
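// Forward declaration: lets the class be defined further down using its
// qualified name (Teamcenter::Sanitizer). The stray '|' lines that the page
// rendering left between the tokens are dropped so the declaration parses.
namespace Teamcenter
{
    class Sanitizer;
}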
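/**
 * Static helpers that check user-supplied strings before they are placed in a
 * command line or a file path. Each method either returns a string or throws
 * SanitizationException (that type is not declared in this header).
 *
 * The stray '|' lines left between the declarations by the page rendering are
 * removed here; the declarations themselves are unchanged.
 */
class SANITIZER_API Teamcenter::Sanitizer
{
public:

    /**
     * Sanitize a user input string before including it in a command to be executed in another process or shell.
     * (The original wording cites Java's Runtime.exec(); the C++ equivalents are calls such as system() or popen().)
     * The method is intended to detect and prevent command injection attacks. It checks whether the input string
     * contains shell control characters or OS commands that might be signs of command injection.
     *
     * NOTE(review): this is a detect-and-reject check, presumably driven by the private m_delimiters and
     * m_invalidStringList2 tables (confirm in the implementation). A fixed list of rejected strings cannot be shown
     * to be complete for every shell and platform, so treat the check as defense in depth: where possible start the
     * child process with an explicit argument vector and no shell, and keep user input out of the command name.
     *
     * @param theInput the user input string to be sanitized.
     * @return the input string if the string is judged to be safe for command execution.
     * @throws SanitizationException if the string is judged unsafe for command execution.
     * @published
     */
    static std::string sanitizeCommand(const std::string& theInput);

    /**
     * Sanitize a user input string before it is included in a file path to be opened for read or write. The method is
     * intended to detect and prevent file path traversal attacks. It checks that the input string is a relative path
     * and does not contain character sequences such as "../.." that can traverse out of a base directory. For stronger
     * validation that handles symbolic links, or if an absolute path is to be sanitized, the sanitizePathWithWhiteList
     * method is recommended instead.
     *
     * Callers should open the file using the returned (normalized) string rather than theInput, because the
     * normalized form is the one described as judged safe. As stated above, symbolic links are not handled here, so
     * a path that passes can still resolve outside the base directory if a link exists inside it.
     *
     * @param theInput the user input string to be sanitized.
     * @return the normalized version of the input string if the string is judged to be free of path traversal attacks.
     * @throws SanitizationException if the string is suspected of a path traversal attack or is an untrusted
     *         absolute path.
     * @published
     */
    static std::string sanitizePath(const std::string& theInput);

    /**
     * Sanitize a user input string before it is included in a file path to be opened for read or write. The method is
     * intended to detect and prevent file path traversal attacks. It checks that the input string denotes a file that
     * is either in the whitelist or is within a directory in the whitelist. If validExtensions is provided the file
     * must also have an extension that is in the list. Unlike sanitizePath, the input to be sanitized is allowed to be
     * an absolute path.
     *
     * NOTE(review): whiteList and validExtensions are taken by non-const reference; this header does not show whether
     * the implementation modifies them. How "validExtensions is provided" is decided (presumably a non-empty vector)
     * should be confirmed in the implementation, since an unintentionally empty list would skip the extension check.
     *
     * NOTE(review): ignoreCase defaults to true. On a case-sensitive file system a case-insensitive match accepts a
     * path whose case differs from the whitelist entry and which may therefore name a different file or directory;
     * pass false where the target file system is case-sensitive.
     *
     * @param whiteList        list of file paths and directories that theInput is allowed to denote or lie within.
     * @param validExtensions  list of file extensions that theInput is allowed to end with.
     * @param theInput         the user input string to be sanitized.
     * @param ignoreCase       when true (the default), theInput is compared with the whiteList and validExtensions
     *                         values case-insensitively.
     * @return the input string if the string is judged to be free of path/file attacks.
     * @throws SanitizationException presumably when theInput fails the whitelist or extension check; the original
     *         text does not state the condition.
     * @published
     */
    static std::string sanitizePathWithWhiteList(std::vector< std::string >& whiteList, std::vector< std::string >& validExtensions, const std::string& theInput, bool ignoreCase = true);

private:
    // Defined in the implementation file; contents are not visible in this header.
    // Presumably the shell control characters checked by sanitizeCommand (confirm).
    // NOTE(review): declared non-const, so it is mutable process-wide state.
    static std::string m_delimiters;

    // Presumably the number of entries in m_invalidStringList2. Nothing in this header ties
    // the two together, so the array definition has to be kept in sync with this value by hand.
    static const int m_numInvalidStrings = 20;

    // Array of unknown bound, defined in the implementation file. Presumably the strings whose
    // presence makes an input "invalid" (confirm); like m_delimiters it is declared non-const.
    static std::string m_invalidStringList2[];
};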
#include <sanitizer/libsanitizer_undef.h>
#endif